On Thursday 2012-05-17 22:15, Steffen Heil (Mailinglisten) wrote:
>
>> >> xt_esp generates debug output if you have "printk" sysctl set to show it.
>> >How would I do so? I never used sysctl for anything but enabling ip
>> >forwarding....
>> sysctl -w kernel.printk="7 7 7 7"
>
>I did. And I tried
># echo "7 7 7 7" > /proc/sys/kernel/printk
>
>Nothing appears on `dmesg`.

Sigh. Then I don't know, but it ought to be enabled somehow at runtime,
this awesome dynamic printk thing. (provided it's compiled)

>Also I noticed that xt_esp was not loaded automatically. I had to load it
>using `insmod`.

Is modprobe broken on your system? It is loaded automatically
(try_then_request_module from the kernel).

>But note, that I could not use -m esp --espspi either, see below.
>
>> ># iptables -t mangle -A PREROUTING -p esp --spi 0xcdfebb11 -j MARK
>> >--set-mark 1
>> >iptables v1.4.12: Gives: unknown option "--spi"
>> --espspi per manpage.
>
>-m esp --espspi XXXXX
>Or
>-m policy --spi XXXXX --dir in
>
>The latter does not match, but I cannot even get the former one to be
>accepted:
>
># iptables -t mangle -D PREROUTING -p esp -m esp --espspi 0xcde0e1ca -j MARK
>--set-mark 1
>iptables: No chain/target/match by that name.

So, kernel without mangle table or without xt_esp or without MARK.
Pretty easy:

modprobe -q xt_esp
ls -dl /sys/module/xt_esp
etc.
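
The three candidates named in the reply (mangle table, esp match, MARK target) can be checked against what the running kernel has registered. This is an added example, not part of the original mail; it assumes the kernel exposes /proc/net/ip_tables_names, ip_tables_matches and ip_tables_targets, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which piece needed by
#   iptables -t mangle ... -p esp -m esp --espspi ... -j MARK
# is not currently registered with the kernel.
# The directory is a parameter so the check can run against constructed files.

# has_entry FILE NAME: succeed if NAME appears as a whole line in FILE.
has_entry() {
    [ -r "$1" ] && grep -qx -- "$2" "$1"
}

# missing_pieces [DIR]: print the missing components, space separated.
# DIR defaults to /proc/net; an unreadable file counts as "missing".
missing_pieces() {
    dir=${1:-/proc/net}
    missing=""
    # Tables appear here only once their module (e.g. iptable_mangle) is loaded.
    has_entry "$dir/ip_tables_names" mangle || missing="$missing table:mangle"
    # xt_esp registers the match under the name "esp".
    has_entry "$dir/ip_tables_matches" esp || missing="$missing match:esp"
    # The MARK target is listed under its upper-case name.
    has_entry "$dir/ip_tables_targets" MARK || missing="$missing target:MARK"
    # Drop the leading separator before printing.
    echo "${missing# }"
}
```

Source the file and call `missing_pieces` as root after the `modprobe` attempt; an empty line means all three pieces are registered.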